US7624267B2 - SIM-based authentication method capable of supporting inter-AP fast handover - Google Patents
SIM-based authentication method capable of supporting inter-AP fast handover Download PDFInfo
- Publication number
- US7624267B2 US7624267B2 US10/883,810 US88381004A US7624267B2 US 7624267 B2 US7624267 B2 US 7624267B2 US 88381004 A US88381004 A US 88381004A US 7624267 B2 US7624267 B2 US 7624267B2
- Authority
- US
- United States
- Prior art keywords
- authentication
- mobile node
- key
- network
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 239000000523 sample Substances 0.000 claims abstract description 10
- 230000004044 response Effects 0.000 claims description 62
- 230000002123 temporal effect Effects 0.000 claims description 45
- 238000012546 transfer Methods 0.000 claims description 5
- 230000001413 cellular effect Effects 0.000 description 6
- 101100454361 Arabidopsis thaliana LCB1 gene Proteins 0.000 description 3
- 101100171146 Oryza sativa subsp. japonica DREB2C gene Proteins 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0016—Hand-off preparation specially adapted for end-to-end data sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/08—Reselecting an access point
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to an authentication method for wireless local area networks (WLANs) and, more particularly, to an SIM-based authentication method capable of supporting inter-AP fast handover.
- WLANs wireless local area networks
- SIM-based authentication method capable of supporting inter-AP fast handover.
- FIG. 1 is a block diagram of a typical GSM/GPRS authentication and encryption mechanism.
- the network 12 When sending an access request from a mobile station 11 with SIM card to a network 12 , the network 12 randomly generates a random number RAND for the mobile station 11 .
- the network 12 further generates a signature response SRES and an encrypted key Kc respectively by using the authentication algorithm A 3 and the encrypted key generation algorithm A 8 based on the random number RAND and a private key Ki.
- the mobile station 11 sends the received random number RAND to the SIM card 111 in order to generate identical signature response SRES and encryption key Kc through the private key Ki and algorithms A 3 and A 8 in the SIM card 111 .
- the mobile phone 11 sends the identical signature response SRES back to the network 12 .
- the network 12 compares the received identical signature response SRES with the signature response SRES generated by itself. When the comparison is matched, it results in authentication success.
- the mobile phone 11 and the network 12 use respective encryption key Kc and an encryption algorithm A 5 to encrypt/decrypt transfer data.
- the cited SIM-based authentication and encryption mechanism has an essential advantage that device portable is provided to transfer the authentication basis from the mobile phone to the SIM card, and thus GSM/GPRS users can conveniently change their mobile equipment at will.
- Current WLANs have been developing to use SIM as an authentication module. Accordingly, authentication basis will be unified in WLANs and cellular networks to thus complete security, unify the billing system and avoid inconvenience of user re-application, which can have significant help for B3G development.
- FIG. 2 is a flowchart of WLAN network access of a mobile node (MN) 21 to an access point (AP) 22 .
- MN mobile node
- AP access point
- FIG. 2 is a flowchart of WLAN network access of a mobile node (MN) 21 to an access point (AP) 22 .
- MN mobile node
- AP access point
- FIG. 2 is a flowchart of WLAN network access of a mobile node (MN) 21 to an access point (AP) 22 .
- WEP Wired Equivalent Privacy
- FIG. 3 shows an authentication procedure for the IEEE 802.1x port-based access control according to current EAP (Extensible Authentication Protocol)-SIM draft.
- EAP Extensible Authentication Protocol
- the MN 21 generates a random number NONCE_MT to the AAA server 23 for challenging network validity (step S 301 ).
- the AAA server 23 requests n sets of GSM/GPRS network authentication triplets (RAND, SRES, Kc) from an authentication center 24 (AuC) (step S 302 ) and then computes an authentication key K_aut based on the NONCE_MT and n Kc given by AuC for further generating a response AT_MAC according to the K_aut and NONCE_MT (step S 303 ) and sending the AT_MAC and n RAND back to the MN 21 (step S 304 ).
- the MN 21 can verify AT_MAC to obtain network authentication and generate a response AT_MAC with n SRES respectively to the n sets of RAND (step S 305 ).
- the AT_MAC with n SRES is sent to the AAA server (step S 306 ) to verify the MN 21 oppositely.
- the MN 21 only challenges the AAA server 23 managed by a WLAN provider.
- the AuC 24 for providing the network authentication triplet is managed by a cellular network provider.
- the AuC 24 no longer participates in the authentication procedure after the AAA server 23 obtains the network authentication triplet.
- the network authentication triplet may be illegally used to cause security defect.
- the AAA server 23 for the network authentication is generally placed in a remote control room and thus delay time caused by the authentication is large. Further, more delay time may be caused by, for example, a MN handover re-authentication to the AAA server 23 . Therefore, it is desirable to provide an improved authentication method to mitigate and/or obviate the aforementioned problems.
- An object of the invention is to provide an SIM-based authentication method, which can effectively prevent a manipulated network device from stealing secret data of a user, thereby providing a safe WLAN environment.
- Another object of the invention is to provide an SIM-based authentication method capable of supporting inter-AP fast handover in a WLAN, which can reduce unnecessary re-authentication procedure without affecting security, thereby effectively reducing time required by a mobile node for an inter-AP handover.
- an SIM-based authentication method which performs authentication on mobile nodes and networks in a wireless local area network (WLAN) environment such that packets between a legal mobile node and a legal network are transmitted through the WLAN.
- the mobile node has at least one SIM (Subscriber Identification Module) and the WLAN has at least one access point (AP) to service the mobile node and an authentication server, and is connected to a cellular network authentication center.
- the method includes a network authentication random number generating step, a network authentication signature response generating step, a mobile node pre-authentication random number generating step, a mobile node pre-authentication random number selecting step, a network authentication step, a mobile node authentication signature response generating step and a mobile node authentication step.
- the mobile node In the network authentication random number generating step, the mobile node generates a network authentication random number for sending to the authentication center and computes a first signature response based on the network authentication random number. In the network authentication signature response generating step, the authentication center computes a second signature response based on the network authentication random number and sends the second signature response to the authentication server. In the mobile node pre-authentication random generating step, the authentication center generates one or more mobile node pre-authentication random numbers and corresponding signature responses for sending to the authentication sever.
- the authentication server selects one mobile node authentication random number and corresponding third signature response from the mobile node authentication random numbers and corresponding signature responses, and sends the mobile node pre-authentication random number and the second signature response to the mobile node.
- the mobile node authenticates the network by comparing the second signature response with the first signature response.
- the mobile node authentication signature response generating step the mobile node computes a fourth signature response based on the mobile node authentication random number, and sends the fourth signature response to the authentication server.
- the authentication server authenticates the mobile node by comparing the fourth signature response with the third signature response.
- an SIM-based authentication method capable of supporting inter-AP fast handover in a WLAN.
- the WLAN includes an authentication server and multiple access points managed by the authentication server.
- One of the access points services a mobile node.
- a same temporal key is applied to message integrity check and encryption/decryption packets transmitted between the mobile node and its currently corresponding access point.
- the method includes an aggressive key pre-distribution step, a passive key pre-query/distribution step, a handover step and a check step.
- the authentication server automatically distributes the temporal key to at least one access point around the access point currently servicing the mobile node.
- the mobile node issues a WLAN standard probe message to trigger access points around the mobile node for performing key pre-query on the mobile node, which makes the authentication server passively distribute a temporal key for the mobile node to access points around the access point currently servicing the mobile node before the mobile node moves to a new access point.
- the mobile node moves to the new access point and is set as an authenticated mobile node.
- the new access point checks its internal record to find the temporal key for the mobile node, thereby proceeding integrity protection and packet encryption/decryption.
- FIG. 1 is a block diagram of a typical SIM-based GSM/GPRS authentication and encryption mechanism
- FIG. 2 is a graph of network access of a mobile node to an access point
- FIG. 3 is an authentication procedure for the IEEE 802.1x port-based access control according to current EAP-SIM draft
- FIG. 4 is a message flowchart of an SIM-based authentication method according to the invention.
- FIG. 5 is a flowchart of applying encryption key to encrypt/decrypt packets between a WLAN and a mobile node after required authentication for the mobile node is complete and the mobile node moves to a new access point according to the invention
- FIG. 6 is a message flowchart of handover occurrence in an authenticated mobile node moving from an old access point to a new access point and this new access point has the corresponding temporal key for this mobile node;
- FIG. 7 is a message flowchart of handover occurrence in a authenticated mobile node moving from an old access point to a new access point and this new access point does not have the corresponding temporal key for this mobile node;
- FIG. 8 is a re-authentication procedure to activate when using a temporal key for a long time.
- FIG. 4 is a message flowchart of an SIM-based authentication method according to the invention.
- a mobile node (MN) 21 first, for authenticating the network side, a mobile node (MN) 21 generates a random number RAND M .
- the random number RAND M and a MAC address of the MN 21 are sent to an authentication center (AuC) 24 of a cellular network through the access point (AP) 22 and an AAA (Authentication, Authorization and Accounting) server 23 (step S 401 ).
- the MN 21 further uses an authentication algorithm A 3 and an encryption key generation algorithm A 8 to compute a signature response SRES M and an encrypted key Kc M respectively corresponding to the random number RAND M .
- the AuC 24 when the AuC 24 receives the random number RAND M , it accordingly generates a network authentication triplet (RAND M , SRES M , Kc M ), wherein the AuC 24 also uses the authentication algorithm A 3 and the encryption key generation algorithm A 8 to compute the signature response SRES M and the encryption key Kc M respectively corresponding to the random number RAND M .
- the AuC 24 then sends the triplet (RAND M , SRES M , Kc M ) to the AAA server 23 (step S 402 ).
- the AuC 24 also generates n mobile node authentication triplets (RAND,SRES,Kc) ⁇ n and sends them to the AAA server 23 (step S 403 ).
- the AAA server 23 can select one mobile node authentication triplet (RAND N ,SRES N ,Kc N ) for authenticating the MN 21 .
- the AAA server 23 sends both the random number RAND N of the mobile node authentication triplet selected and the signature response SRES M of the network authentication triplet back to the MN 21 through AP 22 (step S 404 ).
- the MN 21 can compare the response SRES M received with its own one (step S 405 ) and thus complete network authentication if they are matched.
- the MN 21 can use the authentication algorithm A 3 and the encryption key generation algorithm A 8 to compute the signature response SRES N and the encryption key Kc N respectively corresponding to the random number RAND N .
- the MN 21 sends the signature response SRES N to the AAA server 23 through the access point (AP) 22 (step S 406 ).
- the AAA server 23 compares the signature response SRES N sent by the MN 21 with its own one (step S 407 ) and thus complete mobile node authentication if they are matched. As such, safe full authentication (mutual authentication) is achieved by sending the signature responses RAND M and RAND N to and from.
- the encryption keys Kc M and Kc N are completely exchanged so that the MN 21 and the AAA server 23 have the same encryption keys Kc M and Kc N respectively.
- an encryption key is applied to message integrity check and encryption/decryption packets transmitted between the network and the mobile node, wherein the encryption key can be Kc M , Kc N or a combination thereof.
- the encryption keys Kc M and Kc N are concatenated as a temporal key Kc.
- data packet encryption and integrity is protected based on this temporal key by Temporal Key Integrity Protocol (TKIP), Advances Encryption Standard (AES) or any other security algorithm, thus packets can be transmitted safely between the network and the mobile node.
- TKIP Temporal Key Integrity Protocol
- AES Advances Encryption Standard
- the temporal key Kc (Kc M plus Kc N ) for packet integrity protection and encryption/decryption can effectively prevent messages from illegally cracking or stealing by an unauthorized person.
- the temporal key Kc can be directly applied to packet encryption/decryption between the MN 21 and the AP 22 ′ (after three steps of probe, IEEE 802.11 authentication and association), without 802.1x re-authentication, i.e., the MN 21 does not require re-authentication for the movement.
- the invention applies key pre-distribution technique to the AP 22 ′ for obtaining the temporal key Kc as soon as possible before the MN 21 moves to the AP 22 ′.
- the key pre-distribution technique can have strategies and methods roughly divided into key flooding and select distribution.
- the key flooding is that the AAA server 23 pre-distributes required temporal key Kc to all APs.
- the select distribution is that the AAA server 23 only pre-distributes required temporal key Kc to one or plural APs around the AP 22 where the MN 21 is currently located on.
- FIG. 6 is a message flowchart of handover occurrence in a mobile node moving from an old access point to a new access point with a temporal key.
- the MN 21 when changing to the new AP 22 ′, the MN 21 sends an traditional 802.11 probe request with the privacy bit set to inform the new AP 22 ′, which is to be an authenticated MN 21 (step S 601 ).
- the MN 21 sets a privacy bit (WEP bit) in the probe request such that when the new AP 22 ′ finds the privacy bit set (which represents that a verified MN is processing the probe), it further look up the internal record (step S 602 ) to find the temporal key Kc for the MN 21 to perform packet encryption/decryption and authentication.
- the temporal key Kc is found, the subsequent IEEE802.11 standard authentication and association between the MN 21 and the new AP 22 ′ is complete under a secured environment protected by temporal key.
- 802.11 association finished MN 21 can access AP 22 ′ without 802.1x re-authentication.
- FIG. 7 is a message flowchart of handover occurrence in a mobile node moving from an old access point to a new access point without the temporal key.
- the MN 21 informs the new AP 22 ′ its authentication in the probe step (step S 701 ).
- the new AP 22 ′ checks the internal record (step S 702 ) but cannot find the temporal key Kc for the MN 21 .
- the new AP 22 ′ sends a key query message to the AAA server 23 to ask for the temporal key Kc (step S 703 ).
- the AP 22 ′ will hold association procedure until the AAA server to send corresponding temporal key for MN 21 . After 802.11 association finished, MN 21 can access AP 22 ′ without 802.1x re-authentication. If the AAA server 23 does not have the temporal key Kc, the new AP 22 ′ has to activate a full authentication procedure.
- FIG. 8 shows a re-authentication procedure to activate when using a temporal key for a long time.
- a counter records packet transfer number between the MN 21 and the AP 22 to thus indicate used number of the temporal key.
- the counter is not reset for handover.
- the AAA server 23 activates a re-authentication procedure 81 which is executed on the background without pausing the original data transfer between MN and AP 22 .
- the AAA server 23 selects another mobile node authentication triplet (RAND X , SRES X , Kc X ) not used from the n triplets (RAND, SRES, Kc) ⁇ n given by the AuC 24 in the previous authentication.
- the AAA server 23 sends random number RAND X of the triplet to the MN 21 through the AP 22 (step S 802 ).
- the MN 21 can use the authentication algorithm A 3 and the encryption key generation algorithm A 8 to compute the signature response SRES X and the encrypted key KC X respectively corresponding to the random number RAND X .
- the MN 21 sends the signature response SRES X to the AAA server 23 (step S 803 ).
- the AAA server 23 can compare the signature response SRES X received with its own one (step S 804 ) and thus complete re-authentication to the MN 21 if they are matched.
- the encryption key Kc N is updated by Kc X .
- the encryption keys Kc M and Kc X are distributed to the AP 22 currently located by the MN 21 and access points around the AP 22 (step 805 ).
- the MN 21 , the AP 22 and the AAA server 23 have the same encryption keys Kc M and Kc X respectively.
- the MN 21 When the MN 21 receives a message of EAP-Success (step S 806 ), it activates the new temporal key Kc by sending a message packet with a counter reset to inform the AP 22 about applying the new encryption key Kc X to integrity protection and encryption/decryption operation. However, before the counter is reset, the MN 21 and the AP 22 still apply the old encrypted key KC N to integrity protection and encryption/decryption operation for making sure that data messages between the MN 21 and the AP 22 are continuously processed before the re-authentication is complete.
- TSC TKIP Sequence Counter
- the invention uses periodic updated re-authentication procedure at non-handover to periodically update the key for a mobile node, thereby ensuring appropriate total key-used number and effectively obtaining desired fast and safe WLAN environment.
Abstract
Description
Claims (15)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW093103101 | 2004-02-10 | ||
TW093103101A TWI249316B (en) | 2004-02-10 | 2004-02-10 | SIM-based authentication method for supporting inter-AP fast handover |
Publications (2)
Publication Number | Publication Date |
---|---|
US20050177723A1 US20050177723A1 (en) | 2005-08-11 |
US7624267B2 true US7624267B2 (en) | 2009-11-24 |
Family
ID=34825409
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/883,810 Active 2028-06-25 US7624267B2 (en) | 2004-02-10 | 2004-07-06 | SIM-based authentication method capable of supporting inter-AP fast handover |
Country Status (2)
Country | Link |
---|---|
US (1) | US7624267B2 (en) |
TW (1) | TWI249316B (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060235795A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Secure network commercial transactions |
US20060235761A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Method and apparatus for network transactions |
US20060235796A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Authentication for a commercial transaction using a mobile module |
US20080288777A1 (en) * | 2005-02-21 | 2008-11-20 | Xiaolong Lai | A Peer-to-Peer Access Control Method Based on Ports |
US20080319913A1 (en) * | 2007-05-25 | 2008-12-25 | Wiechers Xavier | Anonymous online payment systems and methods |
US20090046644A1 (en) * | 2007-08-17 | 2009-02-19 | Qualcomm Incorporated | Service set manager for ad hoc mobile service provider |
US20090047966A1 (en) * | 2007-08-17 | 2009-02-19 | Qualcomm Incorporated | Method for a heterogeneous wireless ad hoc mobile internet access service |
US20100118830A1 (en) * | 2008-11-10 | 2010-05-13 | Cisco Technology, Inc. | Mobile Intelligent Roaming Using Multi-Modal Access Point Devices |
US20110201337A1 (en) * | 2007-12-19 | 2011-08-18 | Nokia Corporation | Methods, apparatuses, system, and related computer program products for handover security |
US20120011576A1 (en) * | 2009-03-18 | 2012-01-12 | Huawei Technologies Co., Ltd. | Method, device, and system for pre-authentication |
US20140011478A1 (en) * | 2009-05-07 | 2014-01-09 | Jasper Wireless | System and method for responding to aggressive behavior associated with wireless devices |
US8644206B2 (en) | 2007-08-17 | 2014-02-04 | Qualcomm Incorporated | Ad hoc service provider configuration for broadcasting service information |
US20150215299A1 (en) * | 2014-01-30 | 2015-07-30 | Novell, Inc. | Proximity-based authentication |
US9179367B2 (en) | 2009-05-26 | 2015-11-03 | Qualcomm Incorporated | Maximizing service provider utility in a heterogeneous wireless ad-hoc network |
US9392445B2 (en) * | 2007-08-17 | 2016-07-12 | Qualcomm Incorporated | Handoff at an ad-hoc mobile service provider |
US20160212129A1 (en) * | 2013-08-29 | 2016-07-21 | Liberty Vaults Limited | System for Accessing Data from Multiple Devices |
US11647392B1 (en) | 2021-12-16 | 2023-05-09 | Bank Of America Corporation | Systems and methods for context-aware mobile application session protection |
US11716622B2 (en) | 2021-07-20 | 2023-08-01 | Bank Of America Corporation | System for identification of secure wireless network access points using cryptographic pre-shared keys |
Families Citing this family (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7475241B2 (en) * | 2002-11-22 | 2009-01-06 | Cisco Technology, Inc. | Methods and apparatus for dynamic session key generation and rekeying in mobile IP |
US7870389B1 (en) | 2002-12-24 | 2011-01-11 | Cisco Technology, Inc. | Methods and apparatus for authenticating mobility entities using kerberos |
US7181196B2 (en) * | 2003-05-15 | 2007-02-20 | Lucent Technologies Inc. | Performing authentication in a communications system |
US7639802B2 (en) * | 2004-09-27 | 2009-12-29 | Cisco Technology, Inc. | Methods and apparatus for bootstrapping Mobile-Foreign and Foreign-Home authentication keys in Mobile IP |
US7502331B2 (en) * | 2004-11-17 | 2009-03-10 | Cisco Technology, Inc. | Infrastructure-less bootstrapping: trustless bootstrapping to enable mobility for mobile devices |
KR100680177B1 (en) * | 2004-12-30 | 2007-02-08 | 삼성전자주식회사 | User authentication method and system being in home network |
US7626963B2 (en) * | 2005-10-25 | 2009-12-01 | Cisco Technology, Inc. | EAP/SIM authentication for mobile IP to leverage GSM/SIM authentication infrastructure |
US8139521B2 (en) * | 2005-10-28 | 2012-03-20 | Interdigital Technology Corporation | Wireless nodes with active authentication and associated methods |
GB2435117A (en) * | 2006-02-10 | 2007-08-15 | Rabbit Point Ltd | Automatic roaming authentication in IP-based communication |
US8356171B2 (en) * | 2006-04-26 | 2013-01-15 | Cisco Technology, Inc. | System and method for implementing fast reauthentication |
US8583929B2 (en) * | 2006-05-26 | 2013-11-12 | Alcatel Lucent | Encryption method for secure packet transmission |
EP1865656A1 (en) * | 2006-06-08 | 2007-12-12 | BRITISH TELECOMMUNICATIONS public limited company | Provision of secure communications connection using third party authentication |
NO326556B1 (en) * | 2006-06-13 | 2009-01-12 | Ubisafe As | Method and system for strong authentication using pregenerated GSM authentication data |
US20080134306A1 (en) * | 2006-12-04 | 2008-06-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for fast handover and authentication in a packet data network |
CN100583745C (en) * | 2006-12-06 | 2010-01-20 | 华为技术有限公司 | Cryptographic key generation and distribution method and system based on Diameter server |
US8446875B2 (en) * | 2007-02-23 | 2013-05-21 | Toshiba America Research, Inc. | Media independent pre-authentication supporting fast-handoff in proxy MIPv6 environment |
CN101309500B (en) | 2007-05-15 | 2011-07-20 | 华为技术有限公司 | Security negotiation method and apparatus when switching between different wireless access technologies |
WO2008155508A1 (en) * | 2007-06-14 | 2008-12-24 | France Telecom | Method of distributing an authentication key, corresponding terminal, mobility server and computer programs |
CN101400059B (en) * | 2007-09-28 | 2010-12-08 | 华为技术有限公司 | Cipher key updating method and device under active state |
KR100922899B1 (en) * | 2007-12-06 | 2009-10-20 | 한국전자통신연구원 | Method of authentication control of access network in handover of mobile terminal, and system thereof |
KR100991169B1 (en) * | 2008-12-12 | 2010-11-01 | 경북대학교 산학협력단 | Fast handover method in the wireless LAN and mobile device using the fast handover method |
US8881305B2 (en) * | 2009-07-13 | 2014-11-04 | Blackberry Limited | Methods and apparatus for maintaining secure connections in a wireless communication network |
EP2276278A1 (en) * | 2009-07-13 | 2011-01-19 | Research In Motion Limited | Methods and apparatus for maintaining secure connections in a wireless communication network |
CN102025685B (en) * | 2009-09-21 | 2013-09-11 | 华为技术有限公司 | Authentication processing method and device |
TWI399069B (en) * | 2010-04-07 | 2013-06-11 | Gamania Digital Entertainment Co Ltd | Two - way authentication system and its method |
EP2475144A1 (en) * | 2011-01-05 | 2012-07-11 | Gemalto SA | Method for communicating between a server and a client and corresponding client, server and system |
JP5652556B2 (en) * | 2011-11-18 | 2015-01-14 | 富士通株式会社 | Communication node, communication control method, and communication node control program |
WO2013134149A2 (en) * | 2012-03-05 | 2013-09-12 | Interdigital Patent Holdings Inc. | Devices and methods for pre-association discovery in communication networks |
US9380038B2 (en) * | 2012-03-09 | 2016-06-28 | T-Mobile Usa, Inc. | Bootstrap authentication framework |
US9801052B2 (en) * | 2012-06-13 | 2017-10-24 | Samsung Electronics Co., Ltd. | Method and system for securing control packets and data packets in a mobile broadband network environment |
TWI477180B (en) * | 2013-01-17 | 2015-03-11 | Chunghwa Telecom Co Ltd | Differentiate the way of registering wireless base stations |
US9100175B2 (en) * | 2013-11-19 | 2015-08-04 | M2M And Iot Technologies, Llc | Embedded universal integrated circuit card supporting two-factor authentication |
US10700856B2 (en) | 2013-11-19 | 2020-06-30 | Network-1 Technologies, Inc. | Key derivation for a module using an embedded universal integrated circuit card |
CN106231016A (en) * | 2016-08-27 | 2016-12-14 | 上海与德通讯技术有限公司 | Terminal unit |
EP3531615B1 (en) * | 2018-02-21 | 2024-04-10 | EM Microelectronic-Marin SA | Method for authenticating a transponder communicating with a server |
CN112702776B (en) * | 2020-12-15 | 2023-03-21 | 锐捷网络股份有限公司 | Method for realizing wireless terminal access to wireless local area network and wireless access point |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040066769A1 (en) * | 2002-10-08 | 2004-04-08 | Kalle Ahmavaara | Method and system for establishing a connection via an access network |
US20050130659A1 (en) * | 2003-06-30 | 2005-06-16 | Nokia Corporation | Method for optimizing handover between communication networks |
US20050149734A1 (en) * | 2004-01-02 | 2005-07-07 | Nokia Corporation | Replay prevention mechanism for EAP/SIM authentication |
US20070060106A1 (en) * | 2000-03-31 | 2007-03-15 | Henry Haverinen | Authentication in a packet data network |
US20070154017A1 (en) * | 2005-12-08 | 2007-07-05 | Samsung Electronics Co., Ltd. | Method for transmitting security context for handover in portable internet system |
US7565135B2 (en) * | 2003-05-15 | 2009-07-21 | Alcatel-Lucent Usa Inc. | Performing authentication in a communications system |
-
2004
- 2004-02-10 TW TW093103101A patent/TWI249316B/en not_active IP Right Cessation
- 2004-07-06 US US10/883,810 patent/US7624267B2/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070060106A1 (en) * | 2000-03-31 | 2007-03-15 | Henry Haverinen | Authentication in a packet data network |
US7512796B2 (en) * | 2000-03-31 | 2009-03-31 | Nokia Corporation | Authentication in a packet data network |
US20040066769A1 (en) * | 2002-10-08 | 2004-04-08 | Kalle Ahmavaara | Method and system for establishing a connection via an access network |
US7565135B2 (en) * | 2003-05-15 | 2009-07-21 | Alcatel-Lucent Usa Inc. | Performing authentication in a communications system |
US20050130659A1 (en) * | 2003-06-30 | 2005-06-16 | Nokia Corporation | Method for optimizing handover between communication networks |
US20050149734A1 (en) * | 2004-01-02 | 2005-07-07 | Nokia Corporation | Replay prevention mechanism for EAP/SIM authentication |
US7418595B2 (en) * | 2004-01-02 | 2008-08-26 | Nokia Siemens Networks Oy | Replay prevention mechanism for EAP/SIM authentication |
US20070154017A1 (en) * | 2005-12-08 | 2007-07-05 | Samsung Electronics Co., Ltd. | Method for transmitting security context for handover in portable internet system |
Non-Patent Citations (16)
Title |
---|
Arunesh Mishra et. al.; An Empirical Analysis of the IEEE 802.11 MAC Layer Handoff Process; 8 pp. |
C. Rigney et. al.; Remote Authentication Dial In User Service (RADIUS); Jun. 2000; The Internet Society; pp. 1-57. |
Digital cellular telecommunications system (Phase 2+); Security related network functions (GSM 03.20 version 5.1.1); Aug. 1997; European Telecommunication Standards Institute; France; 51 pp. |
Draft Supplement to Standard for Telecommunications and Information Exchange Between Systems-LAN/MAN Specific Requirements-Part 11: Wireless Medium Access Control (MAC) and physical layer (PHY) specifications: Specification for Enhanced Security; Nov. 2002; IEEE Std. 802.11i/D3.0; 211 pp. |
H. Haverinen (ed.) et. al.; EAP SIM Authentication; Internet Engineering Task Force; 65 pp. |
H. Krawczyk et. al.; HMAC; Keyed-Hashing for Message Authentication; Feb. 1997; pp. 1-9. |
Information technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications; 1999; ANSI/IEEE Std. 802.11; 528 pp. |
Kaj J. Grahn et. al.; Security of Mobile and Wireless Networks; Jun. 2002; Informing Science; pp. 587-600. |
L. Blunk et. al.; PPP Extensible Authentication Protocol (EAP); Mar. 1998; The Internet Society; pp. 1-12. |
Nikita Borisov; Security of the WEP algorithm; University of California Berekeley; 4 pp. |
Pat R. Calhoun et. al.; Diameter Base Protocol; Dec. 2002; The Internet Society; 165 pp. |
Port-Based Network Access Control; 2001; IEEE Std. 802.1x-2001; New York; 142 pp. |
Sangheon Pack et. al.; Fast Inter-AP Handoff Using Predictive Authentication Scheme In A Public Wireless LAN; 2002; School of Computer Science and Engineering, Seoul National University, Seoul Korea; pp. 1-12. |
Sangheon Pack et. al.; Pre-Authenticated Fast Handoff in a Public Wireless LAN Based on IEEE 802.1x Model1; 2002; School of Computer Science and Engineering, Seoul National University, Seoul Korea; 8 pp. |
William A. Arbaugh et. al.; Your 802.11 Wireless Network has No Clothes*; Mar. 30, 2001; Department of Computer Science, university of Maryland, College Park, Maryland; pp. 1-13. |
Yu-Ren Huang; Fast handover scheme for SIM-based authentication in WLAN/cellular integrated networks; Jun. 2002; 61 pp.; Natioanl Chiao Tung University, Hsinchu, Taiwan, R.O.C. |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8176325B2 (en) * | 2005-02-21 | 2012-05-08 | China Iwncomm Co., Ltd. | Peer-to-peer access control method based on ports |
US20080288777A1 (en) * | 2005-02-21 | 2008-11-20 | Xiaolong Lai | A Peer-to-Peer Access Control Method Based on Ports |
US20060235761A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Method and apparatus for network transactions |
US20060235796A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Authentication for a commercial transaction using a mobile module |
US8996423B2 (en) * | 2005-04-19 | 2015-03-31 | Microsoft Corporation | Authentication for a commercial transaction using a mobile module |
US20060235795A1 (en) * | 2005-04-19 | 2006-10-19 | Microsoft Corporation | Secure network commercial transactions |
US7849020B2 (en) | 2005-04-19 | 2010-12-07 | Microsoft Corporation | Method and apparatus for network transactions |
US20080319913A1 (en) * | 2007-05-25 | 2008-12-25 | Wiechers Xavier | Anonymous online payment systems and methods |
US8666905B2 (en) * | 2007-05-25 | 2014-03-04 | Robert Bourne | Anonymous online payment systems and methods |
US8644206B2 (en) | 2007-08-17 | 2014-02-04 | Qualcomm Incorporated | Ad hoc service provider configuration for broadcasting service information |
US20090047966A1 (en) * | 2007-08-17 | 2009-02-19 | Qualcomm Incorporated | Method for a heterogeneous wireless ad hoc mobile internet access service |
US9398453B2 (en) | 2007-08-17 | 2016-07-19 | Qualcomm Incorporated | Ad hoc service provider's ability to provide service for a wireless network |
US9392445B2 (en) * | 2007-08-17 | 2016-07-12 | Qualcomm Incorporated | Handoff at an ad-hoc mobile service provider |
US9167426B2 (en) | 2007-08-17 | 2015-10-20 | Qualcomm Incorporated | Ad hoc service provider's ability to provide service for a wireless network |
US20090046644A1 (en) * | 2007-08-17 | 2009-02-19 | Qualcomm Incorporated | Service set manager for ad hoc mobile service provider |
US20110201337A1 (en) * | 2007-12-19 | 2011-08-18 | Nokia Corporation | Methods, apparatuses, system, and related computer program products for handover security |
US8331906B2 (en) * | 2007-12-19 | 2012-12-11 | Nokia Corporation | Methods, apparatuses, system, and related computer program products for handover security |
US20100118830A1 (en) * | 2008-11-10 | 2010-05-13 | Cisco Technology, Inc. | Mobile Intelligent Roaming Using Multi-Modal Access Point Devices |
US8204029B2 (en) * | 2008-11-10 | 2012-06-19 | Cisco Technology, Inc. | Mobile intelligent roaming using multi-modal access point devices |
US20120011576A1 (en) * | 2009-03-18 | 2012-01-12 | Huawei Technologies Co., Ltd. | Method, device, and system for pre-authentication |
US8443419B2 (en) * | 2009-03-18 | 2013-05-14 | Huawei Technologies Co., Ltd. | Method, device, and system for pre-authentication |
US20140011478A1 (en) * | 2009-05-07 | 2014-01-09 | Jasper Wireless | System and method for responding to aggressive behavior associated with wireless devices |
US9166950B2 (en) * | 2009-05-07 | 2015-10-20 | Jasper Technologies, Inc. | System and method for responding to aggressive behavior associated with wireless devices |
US9167471B2 (en) * | 2009-05-07 | 2015-10-20 | Jasper Technologies, Inc. | System and method for responding to aggressive behavior associated with wireless devices |
US20150244676A1 (en) * | 2009-05-07 | 2015-08-27 | Jasper Technologies, Inc. | System and method for responding to aggressive behavior associated with wireless devices |
US9756014B2 (en) | 2009-05-07 | 2017-09-05 | Cisco Technology, Inc. | System and method for responding to aggressive behavior associated with wireless devices |
US9179367B2 (en) | 2009-05-26 | 2015-11-03 | Qualcomm Incorporated | Maximizing service provider utility in a heterogeneous wireless ad-hoc network |
US20160212129A1 (en) * | 2013-08-29 | 2016-07-21 | Liberty Vaults Limited | System for Accessing Data from Multiple Devices |
US10893045B2 (en) * | 2013-08-29 | 2021-01-12 | Liberty Labs Limited | System for accessing data from multiple devices |
US20210344678A1 (en) * | 2013-08-29 | 2021-11-04 | Liberty Vaults Limited | System for accessing data from multiple devices |
US20150215299A1 (en) * | 2014-01-30 | 2015-07-30 | Novell, Inc. | Proximity-based authentication |
US9722984B2 (en) * | 2014-01-30 | 2017-08-01 | Netiq Corporation | Proximity-based authentication |
US11716622B2 (en) | 2021-07-20 | 2023-08-01 | Bank Of America Corporation | System for identification of secure wireless network access points using cryptographic pre-shared keys |
US11647392B1 (en) | 2021-12-16 | 2023-05-09 | Bank Of America Corporation | Systems and methods for context-aware mobile application session protection |
Also Published As
Publication number | Publication date |
---|---|
TW200527875A (en) | 2005-08-16 |
TWI249316B (en) | 2006-02-11 |
US20050177723A1 (en) | 2005-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7624267B2 (en) | SIM-based authentication method capable of supporting inter-AP fast handover | |
US8140845B2 (en) | Scheme for authentication and dynamic key exchange | |
CA2490131C (en) | Key generation in a communication system | |
US7158777B2 (en) | Authentication method for fast handover in a wireless local area network | |
CA2608261C (en) | Authentication system and method thereof in a communication system | |
US9392453B2 (en) | Authentication | |
US20060094401A1 (en) | Method and apparatus for authentication of mobile devices | |
US8094821B2 (en) | Key generation in a communication system | |
US20050254653A1 (en) | Pre-authentication of mobile clients by sharing a master key among secured authenticators | |
US20080046732A1 (en) | Ad-hoc network key management | |
US20050135624A1 (en) | System and method for pre-authentication across wireless local area networks (WLANS) | |
CN103096307A (en) | Secret key verification method and device | |
Tseng | USIM-based EAP-TLS authentication protocol for wireless local area networks | |
Kumar et al. | A secure, efficient and lightweight user authentication scheme for wireless LAN | |
Lin et al. | Performance Evaluation of the Fast Authentication Schemes in GSM-WLAN Heterogeneous Networks. | |
Sher et al. | Network access security management (NASM) model for next generation mobile telecommunication networks | |
Abdelkader et al. | A novel advanced identity management scheme for seamless handoff in 4G wireless networks | |
Huang et al. | Provable secure AKA scheme with reliable key delegation in UMTS | |
Hur et al. | An efficient pre-authentication scheme for IEEE 802.11-based vehicular networks | |
KR101023605B1 (en) | Method of obtaining user ID using tunneled transport layer security | |
Lin et al. | Authentication schemes based on the EAP-SIM mechanism in GSM-WLAN heterogeneous mobile networks | |
Hori et al. | Security Analysis of MIS Protocol on Wireless LAN comparison with IEEE802. 11i | |
van Oorschot et al. | Wireless lan security: 802.11 and wi-fi | |
Pervaiz et al. | Security in wireless local area networks | |
Frankel et al. | Guide to ieee 802.11 i: Establishing robust security networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE, TAIWAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HUANG, YU-REN;YANG, JEN-SHUN;TSENG, CHIEN-CHAO;AND OTHERS;REEL/FRAME:015554/0117;SIGNING DATES FROM 20040617 TO 20040625 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
CC | Certificate of correction | ||
FPAY | Fee payment |
Year of fee payment: 4 |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |